SC-7 Boundary Protection

Description

Managed interfaces include, for example:

  1. gateways,
  2. routers,
  3. firewalls,
  4. guards,
  5. network-based malicious code analysis and virtualization systems, or
  6. encrypted tunnels implemented within a security architecture (e.g., routers protecting firewalls or application gateways residing on protected subnetworks).

Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones or DMZs.

Restricting or prohibiting interfaces within organizational information systems includes, for example, restricting external web traffic to designated web servers within managed interfaces and prohibiting external traffic that appears to be spoofing internal addresses.
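
The two restrictions named above (external web traffic only to designated web servers, and no external traffic that claims an internal source address) can be written as decision logic for packets arriving on the external interface. This is an added example, not part of the policy; the address ranges, server addresses, ports and function name are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption: the policy names no networks).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
DMZ_WEB_SERVERS = {ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.11")}
WEB_PORTS = {80, 443}


def filter_inbound(src, dst, dport):
    """Decide on a packet arriving on the EXTERNAL interface.

    Returns (action, reason). Rule order matters: the anti-spoofing check
    runs first so a forged internal source never reaches the allow rule.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)

    # An internal source address cannot legitimately arrive from outside.
    if any(src_ip in net for net in INTERNAL_NETS):
        return ("drop", "spoofed-internal-source")

    # External web traffic is permitted only to the designated DMZ servers.
    if dst_ip in DMZ_WEB_SERVERS and dport in WEB_PORTS:
        return ("allow", "designated-web-server")

    # Everything else, including direct traffic to internal hosts, is denied.
    return ("drop", "default-deny")


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port).
    samples = [
        ("198.51.100.7", "203.0.113.10", 443),  # normal external client
        ("10.1.2.3", "203.0.113.10", 443),      # internal source seen outside
        ("198.51.100.7", "203.0.113.10", 22),   # non-web port on a web server
        ("198.51.100.7", "10.0.0.5", 443),      # direct to an internal host
    ]
    for pkt in samples:
        print(pkt, "->", filter_inbound(*pkt))
```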

Organizations consider the shared nature of commercial telecommunications services in the implementation of security controls associated with the use of such services.

Commercial telecommunications services are commonly based on network components and consolidated management systems shared by all attached commercial customers and may also include third-party-provided access lines and other service elements. Such transmission services may represent sources of increased risk despite contract security provisions.

Applicability

The Chief Information Security and Privacy Officer (CISPO), or designee, is responsible for implementing this Control.

Implementation

The Chief Information Security and Privacy Officer (CISPO), or designee, is responsible for:

  1. Monitoring and controlling communications at the external boundary of the system and at key internal boundaries within the system;
  2. Implementing subnetworks for publicly accessible system components that are separated from internal organizational networks; and
  3. Ensuring connections to external networks or information systems are made only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019